Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

studiocms

View on npm registry
7 Total advisories
7 Vulnerabilities
0 Malware

Vulnerabilities

LOW 2.7
npm

CVE-2026-32638

StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
MEDIUM 5.4
npm

CVE-2026-32104

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
MEDIUM 4.7
npm

CVE-2026-32106

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
MEDIUM 6.8
npm

CVE-2026-32103

StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
HIGH 7.1
npm

CVE-2026-30945

StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
HIGH 8.8
npm

CVE-2026-30944

StudioCMS has Privilege Escalation via Insecure API Token Generation
MEDIUM 6.5
npm

CVE-2026-24134

StudioCMS has Authorization Bypass Through User-Controlled Key

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes